Lucene search

SWICVE-2023-40459

HistoryDec 04, 2023 - 11:15 p.m.

CVE-2023-40459

2023-12-0423:15:24

CWE-476

SWI

web.nvd.nist.gov

cve-2023-40459

acemanager

aleos 4.16

input sanitization

authentication

dos

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

The
ACEManager component of ALEOS 4.16 and earlier does not adequately perform
input sanitization during authentication, which could potentially result in a
Denial of Service (DoS) condition for ACEManager without impairing other router
functions. ACEManager recovers from the DoS condition by restarting within ten
seconds of becoming unavailable.

Affected configurations

Nvd

Node

sierrawirelesses450Match-

sierrawirelessgx450Match-

sierrawirelesslx40Match-

sierrawirelesslx60Match-

sierrawirelessmp70Match-

sierrawirelessrv50xMatch-

sierrawirelessrv55Match-

AND

sierrawirelessaleosRange≤4.16.0

VendorProductVersionCPE
sierrawirelesses450-cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
sierrawirelessgx450-cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*
sierrawirelesslx40-cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
sierrawirelesslx60-cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
sierrawirelessmp70-cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
sierrawirelessrv50x-cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
sierrawirelessrv55-cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*
sierrawirelessaleos*cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sierrawireless	es450	-	cpe:2.3:h:sierrawireless:es450:-:::::::*
sierrawireless	gx450	-	cpe:2.3:h:sierrawireless:gx450:-:::::::*
sierrawireless	lx40	-	cpe:2.3:h:sierrawireless:lx40:-:::::::*
sierrawireless	lx60	-	cpe:2.3:h:sierrawireless:lx60:-:::::::*
sierrawireless	mp70	-	cpe:2.3:h:sierrawireless:mp70:-:::::::*
sierrawireless	rv50x	-	cpe:2.3:h:sierrawireless:rv50x:-:::::::*
sierrawireless	rv55	-	cpe:2.3:h:sierrawireless:rv55:-:::::::*
sierrawireless	aleos	*	cpe:2.3:o:sierrawireless:aleos::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ALEOS",
    "vendor": "SierraWireless",
    "versions": [
      {
        "lessThanOrEqual": "4.16",
        "status": "affected",
        "version": "4.10",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.9.8",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVE-2023-40459